Windows agents
To register the Windows Agent, you need to start a CMD or a Powershell as Administrator. The installation directory of the Wazuh agent in Windows host depends on the architecture of the host.
C:\Program Files (x86)\ossec-agent
forx86_64
hosts.
C:\Program Files\ossec-agent
forx64
hosts.
This guide suppose that the Wazuh agent is installed in a x86_64
host, so the installation path will be: C:\Program Files (x86)\ossec-agent
.
After that, you can register the agent using agent-auth.exe
:
Copy the CA (.pem file) to the
C:\Program Files (x86)\ossec-agent
folder and run theagent-auth
program:
# cp rootCA.pem C:\Program Files (x86)\ossec-agent # C:\Program Files (x86)\ossec-agent\agent-auth.exe -m 192.168.1.2 -v C:\Program Files (x86)\ossec-agent\rootCA.pem
Edit the Wazuh agent configuration to add the Wazuh server IP address.
In the file
C:\Program Files (x86)\ossec-agent\ossec.conf
, in the<client><server>
section, change the MANAGER_IP value to the Wazuh server address:<client> <server> <address>MANAGER_IP</address> ... </server> </client>
Start the agent.
Using Powershell with administrator access:
# Restart-Service -Name wazuh
Using Windows cmd with administrator access:
# net stop wazuh # net start wazuh